Mahalo for supporting Honolulu Star-Advertiser. Enjoy this free story!
Folks who own their own domain name, whether it be for their business or a vanity domain such as their last name, have recently been hit by a resurgence of domain name hijacking. While not illegal, it surely reeks of bad faith. How can folks who own their domain name make sure it doesn’t fall prey to bad actors?
First, let’s talk about some basics. The Domain Name System, commonly referred to as DNS, is a core component of the internet and has been around since its invention back in the 1960s. Nowadays domain names are purchased from registrars; some of the more popular ones include GoDaddy, NameCheap, Network Solutions and others.
Setting up a domain name requires “pointing” it to a name server. That name server may or may not be purchased from the same registrar as your domain. The name server in turn
defines the location of your website, where your email should be sent and various other things, such as who is allowed to send mail from your domain and a whole host of technical details.
In addition to providing name servers, many registrars engage in other services, such as website building and hosting, email hosting and the like. Other vendors also provide these types of services. And this is where some folks lose track.
But if you purchase of such products and services, you must keep track of some of the details. It is imperative that you know who your registrar is, have a valid login to that registrar, use a credit card in your name (as it appears on a government ID — more on that later) to pay for the service, and ensure that your email is set up on that account and that notifications are sent to your email address.
Do not assume your “IT person” or web developer will take care of such details. If you value your domain name, you should keep this information as close at hand as that of your bank account.
Why? If you lose track of the information used to set up the account, it will be extremely difficult to get that data back. If you didn’t keep track the details, it will be nearly impossible to regain access.
The most common way domain names are hijacked occurs when a registration expires. Vultures keep track of expiration dates, which are, for all intents and purposes, public knowledge, and they grab domains soon after an expiration. Most registrars allow a grace period, typically 30 days, but almost never more than 90 days.
All registrars will notify you of a pending expiration; after all, they want you to continue to use their serv-ices. But if your current email address is not where the notifications are being sent, you’re out of luck.
If you lose access to your account but your domain is still valid and the information you gave them when registering is still current, it is possible to recover your account. All registrars have a recovery process, which typically involves providing hard-copy documentation, including a government- issued identification. But if the name on your government ID is not the same as what was used during the registration process, you’re out of luck.
Another, less drastic form of domain hijacking occurs when the bad guys corrupt your name server records. But as long as you are the registered owner of the domain, you can recover from that kind of hit.
John Agsalud is an IT expert with more than 25 years of information technology experience in Hawaii and around the world. He can be reached at jagsalud@live.com.